28 Considerations/conditions (continued) • Furthering the ongoing push for tighter security controls, some underwriters are Claims trends putting more focus on larger organization’s IT operations as they would any other board- level review. Mergers and acquisitions Social engineering fraud and Bracing for increased cyber regulations • Challenged industry classes continue to include transactions remain a major continued ransomware threats • In August, Florida became the second education, health care, municipalities, private target for cyberattacks. • Social engineering attacks have state to forbid its governmental equity 昀椀rms, managed services providers been leading to fraudulent agencies to make ransomware (MSPs), technology, and manufacturing. payments and have outdistanced payments following a similar rule • Some newer market entrants are including Attackers are becoming more ransomware losses in 2022. passed in North Carolina in May. cybersecurity controls with the insurance successful at leveraging IT However, the latter has increased Other states could join in passing purchase and some existing markets are tools against victims because in severity. other cyber-related laws. However, being more proactive in providing resources it is the easiest way to remain the e昀昀ectiveness of such laws remains to help insureds prevent cyber incidents. In undetected when in昀椀ltrating • Indiscriminate attacks due to the in question as public sector entities many cases, these improvements can make the systems and data. ransomware-as-a-service model are on the rise and are predicted to be (including education) traditionally di昀昀erence in deciding who an insureds best among the biggest threats to the have the least evolved cybersecurity business partners should be. There has been a general cyber market in the coming years. practices so are particularly vulnerable • Carriers are more closely evaluating risks increase in monetization to attacks themselves. with embedded website tracking technologies of consumer data on the • More ERISA and retirement • It is imperative for all organizations to dark web. plan-related litigation concerns (meta pixel exposures). Litigation and have been arising. Where a adopt cyber controls (refer to MMA’s top regulatory scrutiny targeted at health care cybercriminal is impersonating twelve security controls) to obtain cyber organizations is now crossing over into similar Multi-factor authentication insurance which provides an additional examination of organizations across all a plan participant, or 401(k) risk transfer mechanism. (MFA) fatigue and “attacker in participants’ sensitive data is industries, largely because of expanded state- the middle” phishing are both stolen, more lawsuits of this • Assessing network vulnerabilities and level privacy and consumer laws. creative ways attackers nature are likely on the horizon. acting to strengthen resilience has • The cyber market aversion to cryptocurrency are 昀椀nding avenues around never been more important. and NFTs was further impacted by the collapse MFA controls. of FTX in November.